Here’s a great resource for sample security policies from the North Carolina Healthcare Information and Communications Alliance. Tons of sample policies are available for download on a wide variety of topics including:
- Security Management Process
- Risk Analysis
- Risk Management
- Sanction Policy
- Information System Activity Review
- Assigned Security Responsibility
- Workforce Security
- Authorization and/or Supervision
- Workforce Clearance Procedure
- Termination Procedures
- Information Access Management
- Access Authorization
- Access Establishment and Modification
- Security Awareness and Training
- Security Reminders
- Protection from Malicious Software
- Log-in Monitoring
- Password Management
- Security Incident Procedures
- Response and Reporting
- Contingency Plan
- Data Backup Plan
- Disaster Recovery Plan
- Emergency Mode Operation Plan
- Testing and Revision Procedure
- Applications and Data Criticality Analysis
- Evaluation
- Business Associate Contracts and Other Arrangements
- Facility Access Controls
- Contingency Operations
- Facility Security Plan
- Access Control and Validation Procedures
- Maintenance Records
- Workstation Use
- Workstation Security
- Device and Media Controls
- Disposal
- Media Re-Use
- Accountability
- Data Backup and Storage
So far this is the most comprehensive source of sample security policies that I’ve found. Check it out!
